Imagined Security
35 Answers
I have just demonstrated how one can take over a PayPal account.
Earlier today PayPal insisted (online) they wanted to phone me at home to check on my identity before I would be allowed to make a PayPal payment of £1.49. But I am not at home so my home landline number is of no help, there is no-one there to answer. So I phoned Paypal to sort this out.
A machine asked me for the number associated with my account - I quoted my landline/home number. After a while a staff member came on the line and asked me for my name and my e-mail address. He explained that if I would provide a mobile number, must be a UK mobile not any other country, he would send a text message which I should read out to him over the phone - this, he said (predictably), is for security. He did and I did. He refused to accept that using my e-mail address was just as secure for sending the code, "could be hacked into" he said. He had no sympathy for my protestations, his screen no doubt forbids that.
Now the mobile number I gave him (not mine, by the way - I don't have one) is associated with my PayPal account. I got what the banks call a one-time password on it and succeeded in completing the payment. PayPal does not have the imagination to allow one to have more than one number to provide/choose from and never anything outside the UK so I am stuck with someone else's mobile number until I "hack in" again and change it to something else - they cancelled my home number from the list.
Here's the point: I could be anyone who knows my name, home phone number and e-mail address and I could now, with the/my magic wand everyone now insists on, have taken over my PayPal account, although the stone age security feature of the password would in reality be the real security feature. The mobile phone and those who sell/serve them are in charge of when we sit or stand (pay up, you mug). Every time I have this sort of experience I detest the things more and am that much less likely to shackle myself exclusively to one.
This disease seems particularly rife in the financial world, hence this is in Business & Finance.
Answers
Ofcom states,
"if you don't use your PAYG phone at least once every few months, when you do try to use it you could be left without a signal.
Recycled numbers
That's because if a PAYG phone number is not being used, the mobile operator can suspend the service and recycle the number. This is to ensure that the numbers they have are being used efficiently.
The length of time before a mobile provider deems a phone inactive varies: for some providers it can be as little as 70 days, while others wait six months or longer."
barry, I know it is the practice that numbers deemed insufficiently used are closed down and re-allocated. What I am doubtful about is that this is a legal requirement instead of being the (joint/co-ordinated) policy exercised by operators. Regardless of the amount involved, why should your money or mine be purloined supposedly in your interest or mine against our choice just to add some fluff to somebody's concept of security. It all still comes down to the password - which was the requirement decades back, it was and remains THE security. The mobile is in this nothing more than a comfort blanket and some of us choose not to have one.
Oh, barry, there are plenty of examples of when a number is closed down the credit is irretrievably lost - or do you know of someone losing the number but having the unused credit paid to them? Pay as you go SIMs are often (nearly always?) unattached to a name or address so refunding would not be straightforward.
Points taken, Karl, but in this case I think you’re doing yourself down by proving a point.
You can buy an old Nokia on eBay for £15, and then subscribe to one of the cheaper PAYG providers.
Alright, it’s a couple of quid a month down the swanee, but as you choose to get involved in ‘modern’ life (by using PayPal etc.), see it as a necessary expense.
Noses and faces spring to mind otherwise!
A
Allen, Just you wait until, sometime not too far in the future, you roll up at your chosen supermarket and they tell you the latest "improvements" in customer service. Now not only must you arrive in a car but the 2.0 version is that you must have an all-electric car. This is so the supermarket can get points for environmental friendliness.
I deal with two different financial institutions both of which have issued me with a random number generator (different type each, one the size of a USB memory stick). This has worked flawlessly for I think three or four years (on the same battery). This is every bit as good as the mobile approach and cost (them) next to nothing. Now that is imagination and service to the customer.
I am well aware of the powerful pressure of fashion leading to conformity but not everybody chooses to follow every wave and yet others refuse to be compelled to. Not long ago one such was the only one to be able to report a power outage because he had a landline and a corded phone to go with it.
Those random number generators and card reader devices were not much good for us as I didn't carry it around with me, to work for example. And my good wife once needed to make an urgent payment but found the battery had packed in on her device and the bank said she'd have to wait a week until a new device would be delivered.
Thecorbyloon, I venture that the price per unit in a 50,000 production run is likely less than a Pound and certainly less than two. Distribution through the post costs as much or more than the unit. One of these is infinitely more complex and as a result more expensive
https://www.ebay.co.uk/itm/SCIENTIFIC-CALCULATOR-ELECTRONIC-OFFICE-10-DIGITS-SCHOOL-EXAMS-GCSE-WORK-OFFICE/130713931819?epid=1129489645&hash=item1e6f28502b:g:hn4AAOSw-09Z8NKM
£4 each when buying 10 the banks will get them much much cheaper:
Amazon.com User Recommendation
They are not just "random number generators"; they have to be in sync with a stored version in the bank's computers. I use one every day for work.
I used to use one of those devices and kept it in my wallet.
As I used to keep the wallet in my back pocket I must have crushed it at some point and broke it.
I used the replacement until I washed my jeans with the wallet in the back pocket and ruined the device.
I now use the bank's app on my 'phone.